Hi all I have a workstation that is now reporting the lssas.dll file to be infected with win32/psw.qqrob.naq virus. The atatched screenshot shows the infection and NOD32 unable to remove it as its in use already. After booting into safemode and trying doing another in-depth anaylis no infected files where found. While in safemode went directly to the system32 folder and deleted the lsass.dll file. Booted into windows as normal, started the scan and again the lsass.dll file was found by NOD to be infected. I will be taking the HDD out the case and set it as a slave to scan from another system. Can someone make sense whats happening here?